Transcription

1 getting started with Symantec Endpoint Encryption A user guide from Royal Mail Technology For further help, contact the IT Helpdesk on ( ) March 2010

2 Contents 1 Introduction to Symantec Endpoint Encryption Storing a file on removable USB drive (e.g. memory stick, external hard drive, etc.) Saving to USB Drive for storage or sharing internally Saving to USB Drive for Sharing Externally Sending a File securely via Receiving an Encrypted File via Access an encrypted file on a USB drive, on a RMG computer with SEE installed Access an encrypted file on a USB drive on a computer without SEE installed Accessing a Self-Extracting file on a Removable USB Drive Storing and Accessing files on CD/DVD Saving to CD/DVD for storage or internal transfer Saving to CD/DVD for External Transfer Accessing Files on a Secure CD/DVD Accessing on a RMG computer with SEE installed Accessing on a computer without SEE installed Accessing a Self-Extracting file on a CD/DVD Drive...21 Appendix A. Using the SEE User Client Console...23 Appendix B. Exchanging information securely our policies...27

3 1 Introduction to Symantec Endpoint Encryption Symantec Endpoint Encryption (SEE) software ensures that only authorised users are allowed to access removable devices such as memory sticks or CD/DVDs and that any information written to these devices is secure. When SEE is installed on your PC or laptop, you ll be automatically registered as an authorised user. This will mean that any file you save to a removable device will be automatically encrypted. This process will be seamless and you will be able to open documents on your PC as normal without noticing any difference. However, when sharing files with RMG users without SEE installed or with external users, you will need to create a separate file with a password. For details, go to section 2 - Storing a file on removable USB drive When SEE is installed, you ll also get an application for burning files to a CD/DVD, ensuring they are always encrypted. This application will replace all other CD burning software in RMG. Full details are in section 7. Symantec Endpoint Encryption (SEE) supports the RMG information security policies, further details of which can be found in Appendix B.

4 2 Storing a file on removable USB drive (e.g. memory stick, external hard drive, etc.) 2.1 Saving to USB Drive for storage or sharing internally Step 1 Whenever you save a file to a USB removable device, that file will now be automatically saved as an encrypted file. This means the file can only be accessed or shared internally within RMG. Step 2 The file icon displayed in Windows Explorer now includes a padlock, indicating the file is encrypted. Step 3 You can now remove the USB drive from your computer. All RMG computers will have Symantec Endpoint Encryption (SEE) installed by the end of July While the rollout takes place, only computers with SEE installed will be able to access files saved in this manner. The file won t open on RMG PC s without SEE installed or on external computers such as your home computer or one belonging to an external partner. If you need to share the information in the file with external third parties, or anyone in RMG who has not yet had the software installed, you will need to use a password to encrypt the file. See section 2.2 below.

5 2.2 Saving to USB Drive for Sharing Externally When sharing information on a removable USB drive with external third parties, or anyone in RMG yet to have the software installed, you will need to create a Self Extracting Archive (.exe) file encrypted with a password that you supply. The information will only be accessible to a third party by using that password. Step 1 Insert the removable USB drive into your computer. Step 2 Select the file(s) to be encrypted. Using Windows Explorer, browse to the location of the file(s) that you want to encrypt. A single file or multiple files can be encrypted to a self extracting file. Right-click the selected file(s), point to Symantec, and select Encrypt to self-extracting file.

6 The SEE Removable Storage Self-Extracting Archive dialogue box appears Step 3 Complete the fields in the Dialog box as follows: In the Archive Name field, type a name for the self-extracting file or use the default archive name that is displayed. The archive name can be different to the names of the files contained within it, however, it makes it easier for the recipient if you name the archive file with the same name as the original file. If you do use a different name ensure you advise the recipient of the names of the individual files so they can find the files when they extract them to their computer. Select the file path for the removable USB drive in the Encrypt to field, or browse to the appropriate folder in the Folders/Drives box. You need to save the archive directly to the removable device. If moved to the device later, the recipient won t be able to view it. To create a new folder or subfolder, select an existing folder then click the New folder button. The Create Folder dialogue appears. In the new folder field, type the name of the new folder and click OK. Your folder is created and you are returned to the SEE Removable Storage Self- Extracting Archive box to complete. If you have already saved a self-extracting file of the same name to this location and want to replace it with this one, tick the Overwrite existing files box.

7 Tick the Password to allow you to enter a password in the Password and Confirm boxes. Click Encrypt Step 4 When the encryption is complete you ll get this message: Step 5 Click OK to confirm Step 6 Send the removable device to the external third party Step 7 Send the password to the third party separately and securely via , or over the telephone. You should never send a password with the removable media on which it is encrypted. Ensure the password is at least eight characters long and is a mix of upper and lower case letters, numbers and symbols.

8 3 Sending a File securely via (Please be aware that the functionality in this section may not work whilst our systems are prepared for the migration from Lotus Notes to Microsoft Outlook) If you need to send a file to someone outside RMG using , you ll need to create a Self Extracting Archive file, encrypted with a password that you supply. The information will only be accessible to a third party by using that password. Step 1 Select the file(s) to be encrypted and ed Using Windows Explorer, browse to the location of the file(s) that you want to encrypt. A single file or multiple files can be encrypted to a self extracting file. Right-click the selected file(s), point to Symantec, and select Encrypt, rename and The SEE Encrypt, rename and dialog box appears

9 Step 2 Complete the fields in the Dialog box as follows: In the Archive Name field, type a name for the self-extracting file or use the default archive name that is displayed. The archive name can be different to the names of the files contained within it. It makes it easier for the recipient if you rename the archive. If you do use a different name ensure you advise the recipient of the names of the individual files. This will enable them to find the files when they extract them to their computer. Tick the Password to allow you to enter a password in the Password and Confirm boxes Click Step 3 Complete the Message details When the encryption is complete a New Mail is displayed with the encrypted file attached and a message telling the recipient how to access the file is included in the Mail Body Add the Recipient details and Subject and Send the message Step 4 Send the password to the third party separately and securely via a separate , or over the telephone. You should never send a password with the containing the encrypted file. Ensure the password is at least eight characters long and is a mix of upper and lower case letters, numbers and symbols.

10 4 Receiving an Encrypted File via (Please be aware that the functionality in this section may not work whilst our systems are prepared for the migration from Lotus Notes to Microsoft Outlook) When the recipient receives the encrypted file as an attachment, they save the attachment to their computer, and rename the attachment so that it has.exe as the file extension, instead of.rse. They then double click on the renamed file to display the SEE Removable Storage Extractor screen. They complete this by choosing the location on their computer in the Extract to field and the password you gave them in the password box. The file is extracted to the specified location and can be accessed by the recipient in the normal way. When looking for the extracted files, keep in mind that they might have different names to the archive file. If you are unsure you will need to contact the sender of the file.

11 5 Access an encrypted file on a USB drive, on a RMG computer with SEE installed In the screen shot below, a USB Drive containing an encrypted file has been plugged into your computer and is accessible as Drive F: The encrypted files appear in the folder listing in Windows Explorer. The padlock symbol which can be gold or red - indicates that the file is encrypted. A gold padlock means you can copy or open the file without a password. A red padlock means you will need to enter the password to decrypt the file when you try to copy or open it. When sharing encrypted files with other RMG users with SEE installed, this will not occur. If a file is displayed with the extension.exe and a padlock symbol, it has been saved as a self extracting executable archive. For details on accessing the files in the archive, refer to the next section.

12 6 Access an encrypted file on a USB drive on a computer without SEE installed Files encrypted and copied by SEE in the normal way (as described in section 2.1) cannot be opened automatically on a computer without SEE installed. If anyone tries to access the files using Windows Explorer they will see files with XML added to the end of the file name. If they try to access one of the files by double clicking it, this message will appear If this occurs because the user is waiting for SEE to be installed on their computer, the originator of the file should copy the file as a self extracting file as described in section 2.2 and send them the password separately and securely.

13 7 Accessing a Self-Extracting file on a Removable USB Drive Files that are to be securely transferred externally will be encrypted and should be saved as a self extracting file (as described in section 2.2) Step 1 To access these files, open Windows Explorer. The files will be displayed with a padlock symbol as shown here. To extract an unencrypted version of the file to your hard disc so you can access the file as normal. Double-click the self-extracting file name to start the process. A dialog box is displayed and you need to fill in the details. Step 2 Extract to: Type the name of folder on your hard disc where you want to save the extracted file to or Press to select the folder Password Enter the password provided by the originator, in the box (this is the password that was used when the self extracting file was originally created). Press Extract Note the number of remaining password attempts. Step 3 If the password is correct you will see this message and a normal unencrypted file will be placed on your hard drive that you can access as normal When looking for the extracted file(s), keep in mind that they may have different names to the archive file. The person who created the self-extracting file will be able to advise the original file names.

14 If you enter the wrong password, you see this message and will be able to try again to re-enter the password After five wrong passwords, you ll see this message You will not be able to try to decrypt the file again for a period of five minutes (the screen shot above was taken with one minute remaining).

15 8 Storing and Accessing files on CD/DVD 8.1 Saving to CD/DVD for storage or internal transfer When SEE is installed on your computer, it installs a program to burn files to a CD or DVD. This program will replace all other versions of CD burning Software in RMG. Follow the process below to burn files to a CD or DVD. Step 1 To launch the CD-DVD Burner, click Start - All Programs - Symantec Endpoint Encryption - SEE-RS Edition CD-DVD Burner, as shown below. Alternatively you can right click on the SEE User Client icon in the system tray (bottom right hand corner of your screen) and select Symantec Endpoint Encryption - SEE-RS CD-DVD Burner

16 Step 2 Complete the following dialogue box. An explanation of the fields and how you complete them follows: The Destination Drive drop-down list displays all of the available CD/DVD drives. Select your CD/DVD Drive. The Policies box is for information and indicates that files burned to disc will be encrypted. The Disc Information box gives you information about the disc currently in the selected drive. The Files and/or Folders to be burned box displays a list of files and folders that you select for burning. As you add files and folders using the buttons at the bottom of the screen they are added to this list. Add Files - This button allows you to select individual files from your computer to be added to the CD/DVD. Add Folders - This button allows you to select folders from your computer to be added to the CD/DVD.

17 Remove files - If you have added a file or folder to the list and change your mind before burning the CD/DVD you can remove it by selecting it from the list box and clicking this button. If you want to add a label to the CD/DVD before type the name in the Disc Volume Label box. burning, Step 3 Burn when you have selected all the files to be burned, press this button. The files are prepared, encrypted and finally written to the CD/DVD. The progress of each stage can be monitored in the Progress bar and the Activity Details box Step 4 When all files have been written successfully, this message appears. If you need to create a another CD/DVD with the same files, put a new disc in the CD/DVD writer and click Yes If you are finished, click No to end the Burner program.

18 8.2 Saving to CD/DVD for External Transfer Any files, which will be transferred to a Third party, must be stored on the CD/DVD as self extracting executables, using a password which must be supplied to the third party. The self extracting files will have to be created on your hard drive first, before copying to the CD using the CD/DVD writer. Step 1 The process for creating a self extracting archive on the hard disc is almost identical to the process for creating a self extracting archive on a Removable device as detailed in section 2.2. The only difference is in Step 3, when you are completing the Encrypt To part of dialog box. You need to save the self extracting file to a location on your hard drive. Complete the fields in the Dialog box as follows: In the Archive Name field, type a name for the self-extracting file - or use the default archive name that is displayed. The archive name can be different to the names of the files contained

19 within it. It makes it easier for the recipient if you name the archive file with the same name as the original file. If you do not use a different name ensure you advise the recipient of the names of the individual files. This will enable them to find the files when they extract them to their computer. Type the file path for the location on your hard drive where you want to save the file, in the Encrypt to field, or browse to the appropriate folder in the Folders/Drives box. You need to save the archive directly to the hard drive for copying to the CD at a later date. To create a new folder or subfolder on your hard disc, select an existing folder then click the New folder button. The Create Folder dialogue appears. In the new folder field, type the name of the new folder and click OK. Your folder is created and you are returned to the SEE Removable Storage Self-Extracting Archive box to complete. If you have already saved a self-extracting file of the same name to this location and want to replace it with this one, tick the Overwrite existing files box. Tick the Password to allow you to enter a password in the Password and Confirm boxes Click Encrypt Step 2 Once you have saved the self extracting file to your hard disc, you use the CD/DVD writer utility to copy that archive to your CD following the instructions in section 8.1 of this guide.

20 9 Accessing Files on a Secure CD/DVD 9.1 Accessing on a RMG computer with SEE installed If you are accessing a CD/DVD on an authorised workstation in RMG, then the files will appear with the gold padlock icon (described in section 5) and can be accessed as described for files on a removable USB device also detailed in section 5 of this guide. 9.2 Accessing on a computer without SEE installed If you try to access encrypted CD/DVD files from an RMG computer without SEE installed or any external computer, you won t be able to, unless the files have been saved as self extracting files. If not, when you access the CD/DVD files in Windows Explorer, you will not icons and the file names will end in and look at the see the padlock XML. If you try to access one of the files by it, you get this message: double clicking

21 10 Accessing a Self-Extracting file on a CD/DVD Drive A self extracting archive that has been saved to CD/DVD can be accessed using the same steps detailed for accessing a self extracting archive on a removable USB device. The process is explained in section 7 of this guide.

22 Appendix - Additional Information

23 Appendix A. 1. Reviewing SEE account Settings Using the SEE User Client Console The User Client Console can be launched at any time from the Start Menu, to review and modify your SEE settings, if required. The User Client Console displays your user name in the top right corner of screen, as you are the user currently logged on to the workstation. The Left column contains a menu of the options available to you. They include an option to change/review Account Settings You can only make changes to the settings of your own account. If any check boxes are greyed-out, this means you do not have the necessary privileges to change this setting. The majority of settings in the console will be greyed-out. To review or modify your account settings, select the appropriate option under the Account Settings portion in the left column. For example, you can review the One Time Password settings by clicking the One Time Password option, under Account settings. Since RMG are using SEE for Removable Storage only, the option for One Time Password is not used, so selecting that option displays this message

24 A similar message is displayed if Authenti-Check is selected, as that feature is not used with Removable storage either. Selecting the Password option displays this message, because your registered SEE account uses the same password as your normal Windows User account. Use the Quick Help icon to display the Quick Help pane, then move your mouse over to the option on the left hand pane on which you want help. 2. Reviewing SEE Removable Storage Policies You can review the SEE policies in place on your computer. Removable Storage is enabled on your computer, so to review the policies in relation to Removable devices, click on the Removable Storage option on the left hand side to see a description of those policies on the right hand side. In the example shown below, you are allowed to read and write to removable devices. Any new files you write to the removable device will be encrypted automatically by SEE. 3. Setting or Changing your Default Password

25 When you want to securely transfer a file to a third party via a removable device(described on page 7 of this guide), you have to supply a password. You will need to share the password with the authorised third party, who can then use the password to decrypt the file and access the information. To simplify the process, you can specify a default password. The default password can be used for every file you are going to share, avoiding the need to type a password for every individual file. You can change that default password from the SEE User Client console. Step 1 Select the Default Password option in the console Step 2 Enter the new password in the Password and Confirm Password boxes Step 3 Click OK to save the new password. Note on Passwords:

26 The Default Password panel displays the password length that is required by RMG policy, the symbols that are allowed in your password, and any requirements for the number of symbols, uppercase letters, lowercase letters, and/or digits that your password must contain. The RMG password policy requires you to ensure the password is at least eight characters long and is a mix of upper and lower case letters, numbers and symbols.

27 Appendix B. Exchanging information securely our policies Our policies covering the secure exchange of electronic information are: 1. Information Classification Policy - How to exchange information securely Royal Mail Group information must be classified according to the sensitivity of the content of the data. We have four levels of classification: Level PUBLIC INTERNAL CONFIDENTIAL STRICTLY CONFIDENTIAL Description Information that has been created for external distribution, or released under the Royal Mail Publication Scheme, to meet the requirements of the Freedom of Information Act (2000). Information accessible to all employees, agents and contractors relating to the ongoing business of the Royal Mail Group. Information that has been assessed to be of a sensitive nature and likely to cause damage following unauthorised disclosure. Information meeting the classification standards of government departments, the security services or clients, or assessed to be so sensitive that unauthorised disclosure would cause acute organisational damage. All data that isn t rated Public as described above i.e. Internal, Confidential or Strictly Confidential, must be encrypted when copied from your PC or laptop to a form of removable media, such as CD, DVD, USB drive (memory stick, external hard drive, etc.) or any other removable media. For more information, please see: Information Classification Policy-v1.1.pdf 2. Encryption Policy Exchanging removable media with external third parties When exchanging files with a third party, you must ensure that the information is protected during the exchange. If using mobile media, you need to create a self-decrypting file (see page 7 of this guide). The password for decrypting the file should never be sent with the mobile media on which it is encrypted. Always send the decrypting password separately in an or over the telephone. For more information, please see Encryption Policy-v1.1.pdf 3. User Access Management Policy

28 When choosing a password for your third party encrypted file, ensure it s at least eight characters long and contains a mix of numbers, upper and lower case letters, and symbols. To access the file, the third party will need to enter the password you created. They will have five attempts to input the correct password before the file becomes locked. For more information, please see - User Access Management Policy-v1.1.pdf To see our policies and supporting guidelines in full, go to

Managing Contacts in Outlook This document provides instructions for creating contacts and distribution lists in Microsoft Outlook 2007. In addition, instructions for using contacts in a Microsoft Word

This document describes how to configure, implement, and manage a local archive for your SonicWALL CDP appliance. It contains the following sections: Feature Overview section on page 1 Using Local Archiving

IT Services Training Guide Encryption Introduction to using 7-Zip It Services Training Team The University of Manchester email: its.training@manchester.ac.uk www.itservices.manchester.ac.uk/trainingcourses/coursesforstaff

CHAPTER 5 Backing Up and Deleting Files Video files can be copied from the hard disk to external storage media, such as CD-R, DVD, MO, or ZIP drives. Video files saved on the hard disk can be easily deleted

How to use Office 365 with your OneDrive File Storage Facility As a student at Pembrokeshire College you will have access to Microsoft s Office 365 and the OneDrive file storage facility. Microsoft Office

Apptix Online Backup by Mozy Restore How do I restore my data? There are five ways of restoring your data: 1) Performing a Restore Using the Restore Tab You can restore files from the Apptix Online Backup

Online Backup by Mozy Restore Common Questions Document Revision Date: June 29, 2012 Online Backup by Mozy Common Questions 1 How do I restore my data? There are five ways of restoring your data: 1) Performing

ProjectWise Explorer V8i User Manual for Subconsultants & Team Members submitted to Michael Baker International Subconsultants & Team Members submitted by Michael Baker International ProjectWise Support

Migrating From Bobcat Mail To Google Apps (Using Microsoft Outlook and Google Apps Sync) This document is intended for those users moving from WVWC s Bobcat Mail system to the new Google Apps mail system

NOTE: Before installing PGP, Word needs to be disabled as your editor in Outlook. In Outlook, go to Tools: Options: Mail Format and uncheck Use Microsoft Office Word to edit e-mail messages. Failure to

Encrypting Files Using AxCrypt Documents, spreadsheets, databases, and other files that contain personal information or other sensitive information MUST BE encrypted when being transmitted to someone else

How to: Using archive files in Microsoft Outlook Preface This 'How To' will guide you in archiving or making a backup of your Outlook folders. Keep in mind that these are two different actions: A backup

Migrating From WVWC Mail to Google Apps This document is intended for those users moving from WVWC s old mail server to the new Google Apps mail system. If you DO NOT have bobcats in your email address,

How To Configure CU*BASE Encryption Configuring encryption on an existing CU*BASE installation INTRODUCTION This booklet was created to assist CU*Answers clients with the configuration of encrypted CU*BASE

Email Archiving Archiving is a process by which your email messages and attached files are moved from the database on our email server to a location on your computer. This document contains step-by-step

How to manage the Adaptive Call Recorder (v.9-50) The Adaptive Hybrid Call Recorder records all telephone calls that are made and received. Recording calls provides an audit of what was said in every conversation.

Access E-Mail from Anywhere through the Internet Start your Internet Browser i.e. Internet Explorer Go to www.saisd.net Refer to Quick Links on the right side of the page Click on Web Outlook Were it shows

The Wheelock College Guide to Understanding Microsoft Outlook Web Access Maintained by: Wheelock College Department of Information Technology Version 1.1 June 2006 https://mail.wheelock.edu This document

Encrypting a USB Drive Using TrueCrypt This document details the steps to encrypt a USB Pen drive using TrueCrypt. TrueCrypt is free and open-source security software allowing encryption of documents and

Getting Started Getting Started MagicConnect is a remote access service that allows you safe remote access to a target device from your remote device. What is a remote device? It is a Windows device, iphone/ipad,

User Guide Version 3.0 April 2006 2006 Obvious Solutions Inc. All rights reserved. Dabra and Dabra Network are trademarks of Obvious Solutions Inc. All other trademarks owned by their respective trademark

GCSx Email Guide for Internal Users How to send sensitive business and personal information securely Document control Description Version V.2 Created May 2013 GCSx Email Guide for Internal Users Status

INTRODUCTION TO WINDOWS AND FILE MANAGEMENT Windows 7 The Work Environment Your computer monitor is designed to resemble a desktop and is often referred to as such. Just as you might put on a regular desktop,

Royal Derby Hospital 2011 Education, Training and Development I.T. Training Department NHS Mail Basic Training Guide Version 3.1 ND 05/11 No amendments should be made to the document without the Authors

How to access your email via Outlook Web Access 1) Open your internet browser and type in the following address: www.law.miami.edu * Aol users must minimize their browser and use Internet Explorer 6.0+

Cox Business Online Backup Quick Start Guide Release 2.0 Cox Business Online Backup Quick Start Guide i IMPORTANT: You must notify Cox in advance if you would like to move or relocate your telephone Service.

Using SSH Secure File Transfer to Upload Files to Banner Several Banner processes, including GLP2LMP (Create PopSelect Using File), require you to upload files from your own computer to the computer system

E-mail Encryption SecurenCrypt e-mail encryption was designed to work as a plug-in with Microsoft Outlook. The following instructions are geared toward users encrypting e-mail with Outlook. However, throughout

There are several ways to eliminate having too much email on the Exchange mail server. To reduce your mailbox size it is recommended that you practice the following tasks: Delete items from your Mailbox:

Database Concepts 3.5 David M. Kroenke and David J. Auer THE ACCESS WORKBENCH Section 6 Database Administration in Microsoft Access 2007, 2008, 2009 by Prentice Hall, David Kroenke, and David Auer At this

Moving your GroupWise archive to Outlook 2010 Key step to take the day after your e-mail upgrade About this guide /transformation Who should use it This guide is intended for those DBHDD (Department of

OFFICE 1 File Management Files and Folders Most of your tasks in Windows XP will involve working with information stored on your computer. This material briefly explains how information is stored in Windows

Transitioning from TurningPoint 5 to TurningPoint Cloud - LMS 1 A Turning Account is a unique identifier that is used to tie together all software accounts and response devices. A Turning Account is required

Jumble for Microsoft Outlook Jumble is a zero knowledge, end- to- end email encryption solution that integrates with existing email platforms. Jumble integrates at the email client level and removes the

appendix d Tracking with the Standalone r Copies of QuickBooks aren t cheap, so the people who do your bookkeeping are probably the only ones who have access to the program. Meanwhile, you may have dozens

Hosting Users Guide 2011 eofficemgr technology support for small business Celebrating a decade of providing innovative cloud computing services to small business. Table of Contents Overview... 3 Configure

Welcome to the City of Sarasota s Outlook Web Access (OWA). As a member of the Board you are required to use your City-issued email address for correspondence that is related to the business of the Advisory

Introduction This guide explains how to install the ScoMIS Encryption Service Software onto a laptop computer. There are three stages to the installation which should be completed in order. The installation

Outlook Web Access Logging in to OWA (Outlook Web Access) from Home 1. Login page http://mail.vernonct.org/exchange 2. To avoid these steps each time you login, you can add the login page to your favorites.

Chapter 3 ADDRESS BOOK, CONTACTS, AND DISTRIBUTION LISTS 03Archer.indd 71 8/4/05 9:13:59 AM Address Book 3.1 What Is the Address Book The Address Book in Outlook is actually a collection of address books

Transitioning from TurningPoint 5 to TurningPoint Cloud - NO LMS 1 A Turning Account is a unique identifier that is used to tie together all software accounts and response devices. A Turning Account is